[Gecko Bug 1901510] part 5) Provoke a CSP violation for `object-src 'none'` with "video/mp4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>. - Githubissues

web-platform-tests / wpt

Test suites for Web platform specs — including WHATWG, W3C, and others

https://web-platform-tests.org/

Other

4.8k stars 3k forks source link

[Gecko Bug 1901510] part 5) Provoke a CSP violation for `object-src 'none'` with "video/mp4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>. #46977

Closed moz-wptsync-bot closed 5 days ago

moz-wptsync-bot commented 5 days ago

The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't specify for which types a default plugin is loaded. Moreover, it doesn't specify the behavior when plugin content can not be loaded.

This patch increases web-compatibility, because it provokes a CSP violation for Gecko/Firefox too.

Differential Revision: https://phabricator.services.mozilla.com/D215363

bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1901510 gecko-commit: e68da2d23a8e7266701e94dc87e4158cf66c93ca gecko-reviewers: tschuster